If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Best guess: someone figured out your linux password? I do not know how you access
your server remotely but obviously someone does.

Hacking is a tricky thing - sometimes the easiest method is the least obvious.

If you have a simple password and I can sniff out your password hash database (I don't
know what it is called really) and extracted the MD5 hash or which ever, I could either
brute force your password or use a rainbow table.

If you allow visitors to post information through a shoutbox or mini forum then there is
always the possibility that someone was able to bypass any active content filters and
inject some malicious code which actively modified the files on your sever.

Having changed one security aspect: you password, wait. If it happens again look for a
solution elsewhere. Always make one change and test the result.

all page data should come thrue the index and the top of each file should be conditioned on being accessed by the index }else{ exit; } or kill;
the index should never be writable perm-0555, and sql is the worst idea for passwords. flatfile above the web-root instead.
after all, sql is simply a flatfile organizer.

all page data should come thrue the index and the top of each file should be conditioned on being accessed by the index }else{ exit; } or kill;
the index should never be writable perm-0555, and sql is the worst idea for passwords. flatfile above the web-root instead.
after all, sql is simply a flatfile organizer.

SQL is fine for passwords as long as a good hash with a salt is used. If the OP is on a shared host it might've been another poor consumer who was initially hacked in which case there really might not have been anything the OP could have done.

SQL is fine for passwords as long as a good hash with a salt is used. If the OP is on a shared host it might've been another poor consumer who was initially hacked in which case there really might not have been anything the OP could have done.

If you allow visitors to post information through a shoutbox or mini forum then there is
always the possibility that someone was able to bypass any active content filters and
inject some malicious code which actively modified the files on your sever.

Having changed one security aspect: you password, wait. If it happens again look for a
solution elsewhere. Always make one change and test the result.

I was planning to add a shoutbox to my site, and seeing this post, im now pondering if it is safe to add the shoutbox.